5.1 Security Considerations for Implementers

Because SSTP Version 1 supports only transport of PPP frames, there is no need for any negotiation of parameters in the SSTP Call Connect Request message, Call Connect Acknowledge message, and Call Connected message exchange. When the server receives a Call Connect Request message, it sends a Call Connect Acknowledge message and triggers the PPP state machine. When the SSTP client receives the Call Connect Acknowledge message, it triggers the PPP state machine.

The SSTP server begins forwarding the PPP data frames only after it validates the Crypto Binding attribute in the Call Connected message from the SSTP client. The server drops any PPP data frames that are received before the Call Connected message is received. For more information about PPP, see [RFC1661].